package com.malred.security.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author malguy-wang sir
 * @create ---
 */
@Controller
@RequestMapping("/admin")
public class adminController {
    @RequestMapping("/hello")
    @Secured({"ROLE_admin","ROLE_manager"}) //ROLE_admin和ROLE_manager可以访问
    public String hello(){
        return "hello";
    }
    @RequestMapping("/operate")
    @ResponseBody
//    @PreAuthorize("hasRole('ROLE_admin')")
    @PreAuthorize("hasAnyAuthority('admin')")
    public String operate(){
        return "operate";
    }
}
